What are the cloud compliance issues organizations have to deal with?

Cloud compliance issues are no reason for enterprises not to move to the cloud. Expert Mike Chapple explains why, as well as what to keep in mind about cloud compliance.

I read that some companies are avoiding using cloud services because it creates cloud compliance issues, but that doesn't make sense to me. Why is compliance an excuse to not use the cloud? What extra compliance challenges does the cloud create?

Cloud compliance issues should absolutely not be a barrier for organizations seeking to move computing resources to the cloud. I've personally worked with dozens of organizations that operate in highly regulated environments and have moved some or all of their computing resources to cloud service providers. I am not aware of a single mainstream regulation that prohibits the use of cloud providers.

Cloud providers understand that many customers have concerns about cloud compliance issues, and they have gone out of their way in recent years to ensure that their operations comply with relevant standards and to make the details of their compliance available to their customers.

Amazon Web Services and Microsoft Azure, the two largest infrastructure-as-a-service providers, publish compliance details on the web and certify that their operations are compliant with the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Information Security Management Act (FISMA), among dozens of other standards. Other major public cloud providers also have detailed information about how their services address major compliance requirements for customers, so enterprises shouldn't have a hard time finding the information they need.

The key thing for customers to remember is that security and compliance are both always shared responsibilities. While a cloud provider may operate their own systems and business processes in compliance with a particular standard, the customer remains responsible for ensuring that they use those services in a manner that remains compliant. However, that's certainly an achievable task, as demonstrated by the many regulated organizations currently using cloud computing services.

This was last published in September 2016

